MattTheTekie/Windows11Exploits
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update report.txt

Browse source
This commit is contained in:
nu11secur1ty 2023-07-07 10:27:06 +03:00 committed by GitHub
commit 595ba80c01
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

7
2023/CVE-2023-33145/docs/report.txt
View file

@ -4,15 +4,14 @@
## Vendor: https://www.microsoft.com/
## Software: https://www.microsoft.com/en-us/edge?form=MA13FJ&exp=e415
## Reference: https://portswigger.net/web-security/information-disclosure, https://www.softwaresecured.com/stride-threat-modeling/
## CVE-2023-33145
## Description:
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is data inside the targeted website like IDs, tokens, nonces, cookies, IP, User-Agent, and other sensitive information.
The user would have to click on a specially crafted URL to be compromised by the attacker.
In this example, the attacker use STRIDE Threat Modeling to spoof the victim to click on his website and done.
This will be hard to detect.
In this example, the attacker uses `STRIDE Threat Modeling` to spoof the victim to click on his website and done.
This is the general spoofing vulnerability and does not cover only EDGE, all browsers can be manipulated this way
on every OS. This will be hard to detect.
## Conclusion:
Please be careful, for suspicious sites or be careful who sending you an link to open!